static int retain_mode = 0;
/* privileges */
-static zebra_capabilities_t _caps_p[] = {
- ZCAP_BIND, ZCAP_NET_RAW, ZCAP_NET_ADMIN,
-};
+static zebra_capabilities_t _caps_p[] = {ZCAP_BIND, ZCAP_NET_RAW,
+ ZCAP_NET_ADMIN, ZCAP_SYS_ADMIN};
struct zebra_privs_t bgpd_privs = {
#if defined(FRR_USER) && defined(FRR_GROUP)
if (old_vrf_id != bgp->vrf_id)
bgp_update_redist_vrf_bitmaps(bgp, old_vrf_id);
bgp_instance_up(bgp);
+ vpn_leak_zebra_vrf_label_update(bgp, AFI_IP);
+ vpn_leak_zebra_vrf_label_update(bgp, AFI_IP6);
}
return 0;
bgp = bgp_lookup_by_name(vrf->name);
if (bgp) {
+
+ vpn_leak_zebra_vrf_label_withdraw(bgp, AFI_IP);
+ vpn_leak_zebra_vrf_label_withdraw(bgp, AFI_IP6);
+
old_vrf_id = bgp->vrf_id;
bgp_handle_socket(bgp, vrf, VRF_UNKNOWN, false);
/* We have instance configured, unlink from VRF and make it
frr_preinit(&bgpd_di, argc, argv);
frr_opt_add(
"p:l:rSne:", longopts,
- " -p, --bgp_port Set bgp protocol's port number\n"
+ " -p, --bgp_port Set BGP listen port number (0 means do not listen).\n"
" -l, --listenon Listen on specified address (implies -n)\n"
" -r, --retain When program terminates, retain added route by bgpd.\n"
" -n, --no_kernel Do not install route to kernel.\n"
break;
case 'p':
tmp_port = atoi(optarg);
- if (tmp_port <= 0 || tmp_port > 0xffff)
+ if (tmp_port < 0 || tmp_port > 0xffff)
bgp_port = BGP_PORT_DEFAULT;
else
bgp_port = tmp_port;
/* BGP master init. */
bgp_master_init(frr_init());
bm->port = bgp_port;
+ if (bgp_port == 0)
+ bgp_option_set(BGP_OPT_NO_LISTEN);
bm->address = bgp_address;
if (no_fib_flag)
bgp_option_set(BGP_OPT_NO_FIB);